The data of 55 thousand bank cards leaked to the Web. This was reported on Thursday by the Central Bank and the Visa payment system. Hackers hacked the Latvian marketplace Joom, which specializes in the delivery of goods from China. Among the victims are Russian clients.
As experts explain, only fragmentary information leaked: the first six and last four digits of the card number, its expiration date, as well as the client’s mobile phone and e-mail. This is not enough to complete the operation without the client’s knowledge. First, at least two digits in the card number are missing. Secondly, there is no three-digit code indicated on the back. Nevertheless, some banks decided not to risk it and reissued the cards. And others took the operations of compromised customers under special control, RBC reports.
According to experts, the data obtained can only be used in attempts to deceive with the help of social engineering. Fraudsters can call and, using real data, mislead the client. To make him think that he is calling a current bank employee. According to statistics from the Central Bank, last year in almost 70% of cases, money was stolen in this way – for example, through a call from a “security officer”. In total, in 2019, criminals stole 6.42 billion rubles from bank customers. And this is only official data. The real numbers are much higher, experts say.As explained in Group IB, which deals with information security, an ordinary user cannot find out whether your card data has really been stolen. For example, looking for such ads on the Darknet or in specialized telegram channels does not make sense and can be even more dangerous for the wallet. First, scammers usually ask for money to access databases. And it’s not a fact that they will send you anything in return. Secondly, even if you manage to download them to look up your name, the computer can pick up a virus.It is much more effective to apply preventive measures, correctly decipher indirect signs and instantly respond to direct attempts to hack your bank account. “Komsomolskaya Pravda” recalls the basic rules of financial security on the Web in order to protect your bank card from fraudsters.
Step-by-step instructions for protecting a bank card
1. Do not tell anyone else the secret details of your card: CVV (three digits on the back) and pin code.
The only thing that call center employees can ask you is a code word. But this happens only if you call the bank, and not vice versa.
2. Leave as little personal financial information as possible on the Internet.
Do not post photos of a bank card or scans of documents on social networks. It is advisable not to even mention which bank you are a client of.
3. Set up two-factor authentication.
So that when entering the online bank and conducting transactions, you need not only to enter a permanent password, but also to confirm your decision with a one-time password that comes by SMS.
4. Write in the office of the mobile operator statement that the change of the SIM card can not take place without your participation (for example, by proxy).
This is necessary so that fraudsters do not reissue the SIM card and do not relink your bank account to it.
5. Don’t click on suspicious links.
Otherwise, you can download a virus that will transfer all financial information to scammers. Download only official bank applications in the AppStore and Google Play. They are easy to identify by the total number of downloads. The official application of a large bank cannot have several hundred downloads. Usually we are talking about tens of thousands.
6. Use complex passwords.
It is desirable that they are different for different devices and resources. Plus, it is advisable to change them from time to time.
7. Use a separate bank card for online purchases.
Or create a digital analogue of it. This can be done in the bank’s mobile application. Then only the data of the virtual twin will appear on the Web, on which you can set a limit or transfer money there immediately before buying.
8. When paying in the store, try to pay with your smartphone to confirm the operation.
In this case, a tokenized operation is carried out, the data of which does not make sense to intercept for fraudsters. When entering a password for contactless payment, cover the phone with your hand. Better yet, use the fingerprint or face scan function.